{"id":9418,"date":"2025-07-31T10:46:50","date_gmt":"2025-07-31T10:46:50","guid":{"rendered":"http:\/\/localhost\/?p=9418"},"modified":"2025-07-31T10:46:50","modified_gmt":"2025-07-31T10:46:50","slug":"nyariv-sandboxjs-0823-prototype-pollution-sandbox-escape-dos","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=9418","title":{"rendered":"nyariv sandboxjs 0.8.23 Prototype Pollution Sandbox Escape DoS"},"content":{"rendered":"
\n

CVE Details<\/h2>\n
\n
\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\nnyariv sandboxjs 0.8.23 Prototype Pollution Sandbox Escape DoS<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-07-31T14:59:35.716Z<\/td>\n<\/tr>\n
Modified<\/th>\n2025-07-31T14:59:35.716Z<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\nnyariv<\/td>\n<\/tr>\n
Product<\/th>\nsandboxjs<\/td>\n<\/tr>\n
Version<\/th>\n*<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
\n

CVSS Information<\/h3>\n\n\n\n
Base Score<\/th>\n7.0 (HIGH)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:4.0\/AV:L\/AC:L\/AT:N\/PR:N\/UI:N\/VC:N\/VI:H\/VA:H\/SC:N\/SI:N\/SA:N<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nA prototype pollution vulnerability in @nyariv\/sandboxjs versions <=0.8.23 allows attackers to inject properties into Object.prototype, potentially causing a denial-of-service or escaping the sandbox environment. This is due to insufficient prototype access checks in the sandbox's executor logic.<\/td>\n<\/tr>\n
AI Severity<\/th>\nHigh<\/td>\n<\/tr>\n
AI Vendor<\/th>\nnyariv<\/td>\n<\/tr>\n
AI Product<\/th>\nsandboxjs<\/td>\n<\/tr>\n
AI Version<\/th>\n0.8.23<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Affected Products<\/h4>\n